hydra | 75b693bb2da7c3c94ceb07b88ff9bee0dccaad15425e56344e415addbcf3737c

Resubmissions

16-01-2023 15:27

230116-svwywshb86 10

16-01-2023 06:50

230116-hlw77aag65 10

Analysis

max time kernel
3137004s
max time network
94s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
16-01-2023 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Google_Play_Store.apk
Size

3.1MB
MD5

06cf10298c93ba089b7d6ff8dc83fdb1
SHA1

75bfb5c86bed1e4fa431620163b1707e0645b083
SHA256

75b693bb2da7c3c94ceb07b88ff9bee0dccaad15425e56344e415addbcf3737c
SHA512

2d4508e8d563351ac1699f776b2e632cbfc5f6e967fa1a1a05b9d4098eb3a3b7e7d83400032bb44f0cc1144da1e0e1c1881e249bea9eda0ffece0d3edc7c1bb9
SSDEEP

98304:UvLCmQAVcZff+/baymELAkyzjh4GwnO3WDWMgk:UumQ2cZfG/baymiAkyzj7wnOG5gk

Score

10^/10

hydra banker infostealer trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra payload 2 IoCs

Processes:

resource	yara_rule
/data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json	family_hydra
/data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json	family_hydra

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

com.wagon.track

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.wagon.track
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.wagon.track

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.wagon.track/app_DynamicOptDex/oat/x86/OdyqAaN.odex --compiler-filter=quicken --class-loader-context=&com.wagon.track

ioc	pid	process
/data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json	4118	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.wagon.track/app_DynamicOptDex/oat/x86/OdyqAaN.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json	4025	com.wagon.track

com.wagon.track
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:4025

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.wagon.track/app_DynamicOptDex/oat/x86/OdyqAaN.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4118

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json
Filesize
1.6MB

MD5
281bbe18016d45aa9798a7fd3d4700f6

SHA1
0b342c1a181b9acaa009b0ef8220396d4cef89f3

SHA256
1ad48872e0643b81541465070ee063aa115bf6fed538e252f745ae34f574b41b

SHA512
600e0a742b475b1ec93095e126befb920a490f90bce605114aea7c11d91a0c4b6a18dfe4a9fe83a5fb8da800bbfec0ca33732e9ce4a4dc5bb9718e57271049ba

Download Submit
/data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json
Filesize
4.4MB

MD5
e9613f4e53cd9ec40ef7558f3c2f8e34

SHA1
e950b1f9b4a1c83c1077a86a7323e7387a698b9e

SHA256
90e9f8565aa494b879b4d4f456271a6fe4950f8bd30a9aa59ee0f5b319680cd7

SHA512
94263d6ff74e86e87d828bfb44fae2e8923e09c3318120a69fbbd0b3ab7f9a09b6573d8f47f545096c1e97bbcccde504a73c9f9b686a8d0a460caa5a09e3e476

Download Submit
/data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json
Filesize
4.4MB

MD5
5e778fa1b19c3d2f83f4547f9eb1fe3c

SHA1
bbeef5360c21685137d05c1a3eadbdf6626eb75a

SHA256
cda6b26aa4a8bf4d97933d4cb7d1caf1b537ac2539ed399925927b467fcb29e5

SHA512
d5c703400e1d182f7c5a8f575a27b30ed0afdc8029d148700101dc890ea97b683471280f68e9b46462b48b28653486de8bd615cecf7cd67d81df2c8e605fca9f

Download Submit
/data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wagon.track/app_DynamicOptDex/oat/OdyqAaN.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wagon.track/app_DynamicOptDex/oat/x86/OdyqAaN.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wagon.track/app_DynamicOptDex/oat/x86/OdyqAaN.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wagon.track/shared_prefs/pref_name_setting.xml
Filesize
387B

MD5
54d7da4b504f06d348f099fcbfbeac63

SHA1
b382f64d4efa9c0d977c9fbaadabed09bdd9f6ac

SHA256
a68377c06bf1e49bf605287e6cc1622e2ea25f044a0f0a655d97f4910d1b6a4d

SHA512
821c64fcfad713d3cacef2a502e8711721d356fce65f66f88bb5cccccf0f0370c94a6d7abeae6cfa4a5ca78123a1cf4c9fea9568bc2a66265f70fee912b4465c

Download Submit
/data/user/0/com.wagon.track/shared_prefs/pref_name_setting.xml
Filesize
137B

MD5
1816d37578fbf234c7ca59dd9fdf3fb4

SHA1
1b4afbacb19b999a452a1f4d494208337df4ffd1

SHA256
c59fdadd43c867cd3c16c8eb2dd35f39fe5371c91310d6a554dd0a77a15e6042

SHA512
47c3f3d9f7cd2fea196f3c57a349ab0370136a508a35402979fdcd330d5fd740e049f2abd7d31c7e71242f523d59b0933b152f07a5ead164ba03b6e790b3e1b3

Download Submit
/data/user/0/com.wagon.track/shared_prefs/pref_name_setting.xml
Filesize
203B

MD5
7438f78a44a2c0f42ce238d8a860b686

SHA1
2402cc89c44cb0b66348a5f9cab37fdb8a90a916

SHA256
91a41a3d6a45b6e4f811159bdf884b969ba8e1697257357ab5455c3b6dc091dc

SHA512
4fb6d2c63455866fccc3714001ecc4d866501be0058c4c8cd08608b20aaca1faac6870e4945bb6d4187f64eb909a88401e0a7777eed9b55fb156feb31344e451

Download Submit
/data/user/0/com.wagon.track/shared_prefs/pref_name_setting.xml
Filesize
265B

MD5
ad023a826565a2a863c842eca664df43

SHA1
3bf0486264d6059279dceef26e5f5ccc9cbc9df6

SHA256
84e0d59315ec368c95a3d3e701e19246725cbabac297cefd2d4b1d89daa0d3f2

SHA512
2af06d7353d4d7011888eabe65e677fb6e5db16db9d7280b2d006e5f4cd868c09f0a3a4e48a5049dd8cade6c386da95c6e5e309aa477c3087539f917dd7e259b

Download Submit
/data/user/0/com.wagon.track/shared_prefs/pref_name_setting.xml
Filesize
326B

MD5
affa6d43a57cae203a1c5e0d12ddfe96

SHA1
09d33a818dd4959a6986f03a840db68a54150e39

SHA256
07f415de313e9a1f9e76ca5830bc8c2686f2d842cf04187060639606bb68b37a

SHA512
d1645dbe8c8a32686c2fd1a503765e240da5a9c0a05266664804630cdc77874244a64c4e1c6486557d67a32c6d2d961deb417db13fde4bcc31c4bab79db00f42

Download Submit
/data/user/0/com.wagon.track/shared_prefs/prefs30.xml
Filesize
139B

MD5
1c6b6a6a91f2ccf7ac553f9a439ad69e

SHA1
270b45bc1c3255f95fecf8bfa85f7dbfc8fb5748

SHA256
a7958ee3107cac53056bac67328f317cf9e3aaf4533e1072f0c4f0334ebbffa6

SHA512
8a61fcab1bc82977f72af693d4a749ad41df81a9a9c6eaafee0f4ffd36a34f069a259c6b20046a8bce58a6eab526df122cb82e8d093be73cf5ff9d41e489bf8e

Download Submit